TikTok phishing threatens to delete influencers’ accounts



Researchers have observed a new phishing campaign primarily targeting high-profile TikTok accounts belonging to influencers, brand consultants, production studios, and influencers’ managers.

Abnormal Security researchers, who spotted the attacks, observed two activity peaks in the distribution of emails in this campaign, on October 2, 2021, and on November 1, 2021, so a new round will likely start in a couple of weeks.

You’ve got mail!

In some cases seen by Abnormal Security, the actors impersonate TikTok employees, threatening the recipient with imminent account deletion due to an alleged violation of the platform’s terms.

Phishing message alerting the recipient of a violation
Source: Abnormal Security

Another theme used in the emails is offering a ‘Verified’ badge that adds credibility and authenticity to the account.

TikTok ‘Verified’ badges give weight to the content posted by verified accounts and signal the platform’s algorithms to ramp up the exposure rates of posts from these accounts.

Using this bait for phishing is very effective as many people would be thrilled to receive an email offering them the chance to get a verification badge.

Email offering a verification badge to the user
Source: Abnormal Security

In both cases, the attackers provide their targets with a way to verify their accounts by clicking an embedded link.

However, they are instead redirected to a WhatsApp chat room, where a scammer pretending to be a TikTok employee awaits.

The scammer asks for their email address, phone number, and one-time code required to bypass multi-factor authentication and reset the account’s password.

Scammer discussing with the victim on WhatsApp
Source: Abnormal Security
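
As an added illustration (not from Abnormal Security or the original article), the flow described above suggests a simple mail-filter heuristic: a message that uses the TikTok name from a non-TikTok sender, links to a WhatsApp chat, and carries a deletion or badge lure. The trusted domain, the WhatsApp link hosts, the lure keywords and the sample messages are assumptions constructed for this example.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

# Assumptions: genuine TikTok mail uses tiktok.com; WhatsApp chat links use these hosts.
BRAND_DOMAINS = {"tiktok.com"}
CHAT_HOSTS = {"wa.me", "api.whatsapp.com", "chat.whatsapp.com"}
LURES = re.compile(r"verif|badge|violat|delet|suspend", re.I)

class _Links(HTMLParser):
    """Collect the hostname of every <a href> in an HTML body."""
    def __init__(self):
        super().__init__()
        self.hosts = []
    def handle_starttag(self, tag, attrs):
        href = dict(attrs).get("href") if tag == "a" else None
        if href:
            self.hosts.append((urlparse(href).hostname or "").lower())

def score_message(raw):
    """Return the indicators that fire for one single-part RFC 5322 message."""
    msg = message_from_string(raw)
    name, addr = parseaddr(msg.get("From", ""))
    domain = addr.rpartition("@")[2].lower()
    subject, body = msg.get("Subject", ""), msg.get_payload()
    links = _Links()
    links.feed(body)
    trusted = any(domain == d or domain.endswith("." + d) for d in BRAND_DOMAINS)
    hits = []
    if "tiktok" in (name + subject).lower() and not trusted:
        hits.append("brand_impersonation")      # TikTok name, foreign sender
    if any(h in CHAT_HOSTS for h in links.hosts):
        hits.append("link_to_whatsapp_chat")    # "verify" link leaves email for chat
    if LURES.search(subject + " " + body):
        hits.append("deletion_or_badge_lure")   # the two themes in this campaign
    return hits

# Constructed sample messages (not taken from the campaign).
PHISH = ("From: TikTok Support <notice@example.net>\nSubject: Your account will be deleted\n"
         "Content-Type: text/html\n\n"
         '<p>Violation found. <a href="https://wa.me/0000000000">Verify now</a></p>\n')
BENIGN = ("From: Studio Team <team@example.org>\nSubject: Shoot schedule\n"
          "Content-Type: text/html\n\n"
          '<p>See the <a href="https://example.org/plan">plan</a>.</p>\n')

if __name__ == "__main__":
    for sample in (PHISH, BENIGN):
        print(score_message(sample))
```

The sender-domain check is only meaningful after SPF/DKIM/DMARC validation, since the From header by itself can be forged.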

Account takeover or extortion?

It is unclear what the phishing actors are aiming for in this campaign, but it could be either an attempt to take over the targets’ accounts or an attempt to extort the account owners, forcing them to pay a ransom to regain control.

TikTok’s terms of service make it clear that if an account, especially one with many followers, violates them, it will be permanently suspended or terminated.

This means that the actors can easily threaten to post something inappropriate, resulting in the deletion of a profile that its owner may have spent a lot of time and money to bring to its current form.

If you own and/or manage valuable social media accounts, make sure to back up all your content and data somewhere safe.

Also, you should always secure your account with two-factor authentication (2FA) or 2-step verification, as TikTok calls it, ideally with a hardware security key.

If you can only use the less secure SMS-based 2FA option, pick a private number you’ve shared with nobody and use it only for this purpose.


